pendingToken in response payload of signInWithIdp - firebase

What does the pendingToken parameter mean in the response payload of a successful POST to signInWithIdp in the Firebase Authentication REST API (Sign in with OAuth credential endpoint)?
curl -X POST \
'https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key={{key}}' \
-H 'Accept: */*' \
.....
-H 'Content-Type: application/json' \
-H 'Host: identitytoolkit.googleapis.com' \
-d '{
"postBody": "id_token=eyJraWQiO....JWCJHHrxeg&providerId=apple.com",
"requestUri": "https://myapp.firebaseapp.com/__/auth/handler",
"returnIdpCredential": true,
"returnSecureToken": true
}'
{
"federatedId": "apple.com/ABCDE.abcde1234567895ab21ab098234.1234",
"providerId": "apple.com",
"email": "user@privaterelay.appleid.com",
"emailVerified": true,
"localId": "12345678abcdef",
"idToken": "eyJhbGciOiJSUzI1N...RiFQ",
"refreshToken": "AEu4I...N0DuQ",
"expiresIn": "3600",
"oauthIdToken": "eyJraWQiOiJB...Hrxeg",
"rawUserInfo": "{{...user info...}}",
"isNewUser": true,
"kind": "identitytoolkit#VerifyAssertionResponse",
"pendingToken": "AMzJoSn....jNlcw" <-------
}

pendingToken is a private property accidentally left in public header.
The team at Firebase are working to remove it, as they say
"It's a field of no use case at all".
You can read more about it here
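One way a backend that proxies signInWithIdp can keep pendingToken and the provider's own tokens out of what it returns and logs. This is an added example, not code from the original answer or from Firebase; the function names and the allow-list are assumptions, and the sample payload is constructed.

```javascript
// Fields a client needs for a Firebase Auth session (assumed allow-list).
const SESSION_FIELDS = ['localId', 'idToken', 'refreshToken', 'expiresIn', 'isNewUser'];
// Fields whose values are credentials and must not be written to logs.
const SECRET_FIELDS = new Set([
  'idToken', 'refreshToken', 'oauthIdToken', 'oauthAccessToken', 'pendingToken',
]);

// Keep only allow-listed fields. Everything else (pendingToken, oauthIdToken,
// rawUserInfo, or a field the API adds later) is dropped by default.
function toSessionResponse(idpResponse) {
  const out = {};
  for (const field of SESSION_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(idpResponse, field)) {
      out[field] = idpResponse[field];
    }
  }
  for (const required of ['localId', 'idToken', 'refreshToken']) {
    if (typeof out[required] !== 'string' || out[required] === '') {
      throw new Error('signInWithIdp response is missing ' + required);
    }
  }
  return out;
}

// Copy for logging: secret values are replaced by their length only.
function redactForLog(idpResponse) {
  const copy = {};
  for (const [key, value] of Object.entries(idpResponse)) {
    copy[key] = SECRET_FIELDS.has(key) ? `[redacted:${String(value).length}]` : value;
  }
  return copy;
}

// Constructed sample shaped like the response in the question (fake values).
const sample = {
  providerId: 'apple.com', localId: '12345678abcdef', idToken: 'fake-id-token',
  refreshToken: 'fake-refresh-token', expiresIn: '3600', oauthIdToken: 'fake-oauth',
  rawUserInfo: '{}', isNewUser: true, pendingToken: 'fake-pending-token',
};
console.log(toSessionResponse(sample));
console.log(redactForLog(sample));
```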


Curl call to python translation in postman

I have a successful POST call to an API via Postman, but when I generate the code snippet for the curl call, the payload section throws an error.
The working curl call
curl --location --request POST 'url_to_be_used' \
--header 'Authorization: Token [QWS-T]eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9' \
--form 'payload={
"data": {
"Service_Type": "Tele-Consultation",
"CSR_Partner_Logo": [["", "", "", ""], []],
"Service_Count": "500+",
"Name": "name_to_be_given"
}
}'
Code snippet generated as below
import requests
url = "url_to_be_used"
payload = {'payload': '{
"data": {
"Service_Type": "Tele-Consultation",
"CSR_Partner_Logo": [["", "", "", ""], []],
"Service_Count": "500+",
"Name": "name_to_be_given"
}
}'}
files = [
]
headers = {
'Authorization': 'Token [QWS-T]eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
}
response = requests.request("POST", url, headers=headers, data = payload, files = files)
print(response.text.encode('utf8'))
Python throws the error SyntaxError: EOL while scanning string literal for the payload, which I am guessing is because of the single quotes. When I remove the single quotes to make it free of syntax errors, the final POST call throws an "invalid payload" error. Please guide me on how to fix it.
As per documentation payload expects dictionary:
https://requests.readthedocs.io/en/master/user/quickstart/
so try:
import requests
url = "url_to_be_used"
payload={
"data": {
"Service_Type": "Tele-Consultation",
"CSR_Partner_Logo": [["", "", "", ""], []],
"Service_Count": "500+",
"Name": "name_to_be_given"
}
}
files=[
]
headers = {
'Authorization': 'Token [QWS-T]eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
}
response = requests.request("POST", url, headers=headers, data=payload, files=files)
print(response.text)
Can you also try with three single quotes
import requests
url = "url_to_be_used"
payload={'payload': '''{
"data": {
"Service_Type": "Tele-Consultation",
"CSR_Partner_Logo": [["", "", "", ""], []],
"Service_Count": "500+",
"Name": "name_to_be_given"
}
}'''}
files=[
]
headers = {
'Authorization': 'Token [QWS-T]eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
}
response = requests.request("POST", url, headers=headers, data=payload, files=files)
print(response.text)

Translating curl command to Meteor's HTTP call

I try to "translate" this curl command
curl --request POST --header "Content-Type: application/json" --url http://some-url --user userName:apiKey --data '{ "some": "JSON data as string" }'
into Meteor's HTTP call. I tried this:
const options = {
data: { "some": "JSON data as object" },
headers: {
'Content-Type': 'application/json',
},
params: {
user: 'userName:apiKey',
},
// Or alternatively
//
// user: 'userName:apiKey',
};
HTTP.call('POST', 'http://some-url', options, (error, result) => {
if (error) {
reject(error);
} else {
resolve(result);
}
});
With the curl command it works fine; with HTTP.call I get a 403, Forbidden. Authorization with userName:apiKey seems to fail. How do I specify the userName:apiKey in the HTTP.call example? Or maybe there is another problem?
If you need authentication, you need to add the auth parameter. The params parameter will actually set all the containing properties to be part of the POST request body.
const options = {
data: { "some": "JSON data as object" },
headers: {
'Content-Type': 'application/json',
},
auth: 'userName:apiKey'
}
Read: https://docs.meteor.com/api/http.html#HTTP-call

How to create wrapper REST API for social login in Firebase?

I'm trying to create a wrapper REST API for Firebase Authentication using cloud functions.
How can I create user or authenticate user on Firebase once I have the Facebook Access token on client (using Facebook SDK)?
If you are using Firebase Functions with HTTP triggers, you can use the firebase.js client node.js library to authenticate a user and return the Firebase tokens in your REST API. You would send the Facebook Access token to that HTTP endpoint, sign in the user with signInWithCredential using the node.js client library and return the ID token and refresh token.
If you want to use REST API:
curl 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"postBody":"access_token=[FACEBOOK_ACCESS_TOKEN]&providerId=[facebook.com]","requestUri":"[http://localhost]","returnIdpCredential":true,"returnSecureToken":true}'
This would return the Firebase ID token and refresh token:
{
"idToken": "[ID_TOKEN]",
"refreshToken": "[REFRESH_TOKEN]",
...
}
This is all you need for a Firebase Auth session.
To construct the user, call the following API with the ID token:
curl 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=[API_KEY]' \
-H 'Content-Type: application/json' --data-binary '{"idToken":"[FIREBASE_ID_TOKEN]"}'
This would return the user and the data associated:
{
"kind": "identitytoolkit#GetAccountInfoResponse",
"users": [
{
"localId": "ZY1rJK0...",
"email": "user@example.com",
"emailVerified": false,
"displayName": "John Doe",
"providerUserInfo": [
{
"providerId": "password",
"displayName": "John Doe",
"photoUrl": "http://localhost:8080/img1234567890/photo.png",
"federatedId": "user@example.com",
"email": "user@example.com",
"rawId": "user@example.com",
"screenName": "user@example.com"
}
],
"photoUrl": "https://lh5.googleusercontent.com/.../photo.jpg",
"passwordHash": "...",
"passwordUpdatedAt": 1.484124177E12,
"validSince": "1484124177",
"disabled": false,
"lastLoginAt": "1484628946000",
"createdAt": "1484124142000",
"customAuth": false
}
]
}
To refresh the ID token after it expires, use the refresh token returned:
With REST API:
curl 'https://securetoken.googleapis.com/v1/token?key=[API_KEY]' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=refresh_token&refresh_token=[REFRESH_TOKEN]'
This would return a new ID token and refresh token:
{
"expires_in": "3600",
"token_type": "Bearer",
"refresh_token": "[REFRESH_TOKEN]",
"id_token": "[ID_TOKEN]",
"user_id": "tRcfmLH7o2XrNELi...",
"project_id": "1234567890"
}
To use this with client library on the backend:
var firebase = require('firebase');
You send the FB access token from the client to your HTTP endpoint and sign-in with it:
var cred = firebase.auth.FacebookAuthProvider.credential(fbAccessToken);
firebase.auth().signInWithCredential(cred).then(function(user) {
// User is obtained here.
// To get refresh token:
// user.refreshToken
// To get ID token:
return user.getIdToken().then(function(idToken) {
// ...
})
}).catch(function(error) {
});
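A wrapper endpoint that forwards a client-supplied Facebook token has to build the postBody and the refresh body without letting the token value add or override parameters. The following is an added example, not part of the original answer; the function names, the provider allow-list and the sample values are assumptions.

```javascript
// Providers this wrapper accepts (assumed allow-list for the example).
const ALLOWED_PROVIDERS = new Set(['facebook.com', 'google.com', 'apple.com']);
const VERIFY_ASSERTION_URL =
  'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion';
const TOKEN_URL = 'https://securetoken.googleapis.com/v1/token';

// Build the verifyAssertion request from the answer above.
function buildVerifyAssertionRequest(apiKey, providerId, accessToken, requestUri) {
  if (!ALLOWED_PROVIDERS.has(providerId)) {
    throw new Error('unsupported provider');
  }
  if (typeof accessToken !== 'string' || accessToken.length === 0) {
    throw new Error('access token must be a non-empty string');
  }
  // URLSearchParams percent-encodes '&' and '=', so a token value cannot
  // smuggle a second providerId (or any other parameter) into postBody.
  const postBody = new URLSearchParams({ access_token: accessToken, providerId }).toString();
  return {
    url: VERIFY_ASSERTION_URL + '?key=' + encodeURIComponent(apiKey),
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      postBody, requestUri, returnIdpCredential: true, returnSecureToken: true,
    }),
  };
}

// Build the refresh request; the body is form-encoded, not JSON.
function buildRefreshRequest(apiKey, refreshToken) {
  return {
    url: TOKEN_URL + '?key=' + encodeURIComponent(apiKey),
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'refresh_token', refresh_token: refreshToken,
    }).toString(),
  };
}

// Constructed input: a token value that tries to override providerId.
const demo = buildVerifyAssertionRequest(
  'PLACEHOLDER_API_KEY', 'facebook.com', 'abc&providerId=google.com', 'http://localhost');
console.log(JSON.parse(demo.body).postBody);
```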

How to pass X-Auth-Token with Meteor's HTTP.call?

How to pass X-Auth-Token with Meteor's HTTP.call?
E.g. to do something like this:
curl -X GET \
--header "X-Auth-Token: 1234567890abcdeff978d137bc01a2" \
https://example.com/api/call
I found an answer on Meteor's forum:
options = {
headers: { 'X-Auth-Token' : '1234567890abcdeff978d137bc01a2' }
}
A bit more elaborated, in CoffeeScript:
res = HTTP.call 'GET', 'https://example.com/api/call',
headers:
'X-Auth-Token': auth_token
params:
a: 1
b: 2

How to specify constraint in Meteor Http call?

I need to pass a where constraint (where UserName = "User1") in a Meteor HTTP call for the Parse REST APIs. Currently, the result that I get after the below API call includes all the entries, not just those where UserName is User1.
var authUrl = "https://api.parse.com/1/classes/ImageData";
Meteor.http.call("GET", authUrl, {
headers: {
"X-Parse-Application-Id": "2CMX1b4JY5xCOPrYEbSc69ucNDDh9pl5yFeqv3A3",
"X-Parse-REST-API-Key": "9UWpw6H7UuBaOEQgT7R3ANQ3rE67yxZxcMHJJaBu",
"content-type": "application/json"
},
params: {
"UserName": "User1",
}
}, function(error, result) {
console.log(JSON.parse(result.content));
}
);
The parse documentation for such an HTTP call in curl representation is:
curl -X GET \
-H "X-Parse-Application-Id: 2CMX1b4JY5xCOPrYEbSc69ucNDDh9pl5yFeqv3A3" \
-H "X-Parse-REST-API-Key: 9UWpw6H7UuBaOEQgT7R3ANQ3rE67yxZxcMHJJaBu" \
-G \
--data-urlencode 'where={"UserName":"User1"}' \
https://api.parse.com/1/classes/ImageData
How can I correctly write this in Meteor?
This seems like it works:
var util = Npm.require('util');
var url = 'https://api.parse.com/1/classes/ImageData';
var result = HTTP.get(url, {
headers: {
'X-Parse-Application-Id': '2CMX1b4JY5xCOPrYEbSc69ucNDDh9pl5yFeqv3A3',
'X-Parse-REST-API-Key': '9UWpw6H7UuBaOEQgT7R3ANQ3rE67yxZxcMHJJaBu',
'content-type': 'application/json'
},
query: 'where={"UserName":"User1"}'
});
console.log(util.inspect(result.data, {depth: null}));
Notes
Meteor.http.call is deprecated. Use the HTTP API instead. Note you will need to $ meteor add http.
Because you need a string and not a key/value pair, use query instead of params. For a GET, both are placed into the query string but your original code made the query ?Username=User1 rather than ?where....
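When the user name comes from request input rather than a literal, the where string should be built with JSON.stringify and percent-encoded, as curl's --data-urlencode does, instead of being concatenated. The following is an added example, not part of the original answer; buildWhereQuery and its validation rules are assumptions.

```javascript
// Build the value for HTTP.get's `query` option from untrusted input.
function buildWhereQuery(field, value) {
  if (!/^[A-Za-z][A-Za-z0-9_]*$/.test(field)) {
    throw new Error('invalid field name');
  }
  // Scalars only: an object value would be sent to Parse as a query
  // operator instead of an equality match.
  if (!['string', 'number', 'boolean'].includes(typeof value)) {
    throw new Error('constraint value must be a scalar');
  }
  // JSON.stringify escapes quotes inside the value; encodeURIComponent
  // keeps '&' and '=' from ending the where parameter early.
  return 'where=' + encodeURIComponent(JSON.stringify({ [field]: value }));
}

// Constructed inputs: the literal from the question and a hostile value.
const demoQuery = buildWhereQuery('UserName', 'User1');
const hostileQuery = buildWhereQuery('UserName', 'x"}&limit=1000');
console.log(demoQuery);
console.log(hostileQuery);
```

Pass the returned string as the query option of HTTP.get in place of the hard-coded 'where=...' literal.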
